Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

puma — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting puma. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Puma is a popular open-source web server and application server primarily used for Ruby applications, particularly Rails. Historically, it has faced vulnerabilities across multiple classes including remote code execution, cross-site scripting, and privilege escalation. Security characteristics often involve its multi-threaded architecture and Rack interface compatibility. While no major public incidents have been widely documented, its 12 recorded CVEs highlight potential risks in areas like request handling and configuration management. The project maintains regular security updates, but administrators should prioritize patching due to its common deployment in production environments handling sensitive web traffic.

Top products by puma: puma
CVE IDTitleCVSSSeverityPublished
CVE-2024-45614 Header normalization allows for client to clobber proxy set headers in Puma — pumaCWE-639 5.4 Medium2024-09-19
CVE-2024-21647 HTTP Request/Response Smuggling in puma — pumaCWE-444 5.9 Medium2024-01-08
CVE-2023-40175 Inconsistent Interpretation of HTTP Requests in puma — pumaCWE-444 7.3 High2023-08-18
CVE-2022-24790 HTTP Request Smuggling in puma — pumaCWE-444 9.1 Critical2022-03-30
CVE-2022-23634 Information Exposure when using Puma with Rails — pumaCWE-200 8.0 High2022-02-11
CVE-2021-41136 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma — pumaCWE-444 3.7 Low2021-10-12
CVE-2021-29509 Keepalive Connections Causing Denial Of Service in puma — pumaCWE-400 7.5 High2021-05-11
CVE-2020-11077 HTTP Smuggling via Transfer-Encoding Header in Puma — pumaCWE-444 6.8 Medium2020-05-22
CVE-2020-11076 HTTP Smuggling via Transfer-Encoding Header in Puma — pumaCWE-444 7.5 High2020-05-22
CVE-2020-5249 HTTP Response Splitting (Early Hints) in Puma — PumaCWE-113 6.5 Medium2020-03-02
CVE-2020-5247 HTTP Response Splitting in Puma — PumaCWE-113 6.5 Medium2020-02-28
CVE-2019-16770 Potential DOS attack in Puma — pumaCWE-770 5.3 Medium2019-12-05

This page lists every published CVE security advisory associated with puma. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.